Overview

Deliver high-speed performance without sacrificing security

IBM® API Connect® leverages the built-in security of IBM DataPower® Gateway to enable access control for both API providers and consumers with role-based permissions, API packaging constructs, and subscription and community management. This built-in security feature also provides centralized common security, traffic, mediation and acceleration functions, optimized in a security-hardened gateway stack.

Working in IBM API Connect

Design view

An intuitive, graphical interface helps manage API security

Design view

Use a graphical user interface, or the simple design view, to manage your API security.

Source view

Source-code interface

Source view

Handle your detailed security needs using source code through the source view.

Assemble view

Drag-and-drop tools in the assemble view

Assemble view

Manage security using drag-and-drop tools or IBM GatewayScript in the assemble view.

Authentication options

Authentication options panel

Authentication options

Choose your authentication — from basic with API keys to modern third-party OAuth.

Benefits

IBM API Connect leverages the power of IBM DataPower Gateway to secure your APIs

Complete

Using C++ for a single, signed, encrypted image, DataPower Gateway is trusted worldwide. Java-based gateways can leave you vulnerable.

Efficient

DataPower Gateway has a single gateway, so you get more powerful security in one package. Multiple gateways cause complexity, extra work and expense.

Reliable

DataPower Gateway can achieve up to 30,000 TPS. We publish its performance across both simple and robust policy use cases for transparency.

Multiple levels of security

Open Authentication (OAuth)

Open Authentication (OAuth)

OAuth allows third-party websites or applications to access user data without requiring the user to share personal information.

Learn more

Transport Layer Security (TLS)

Transport Layer Security (TLS)

TLS profiles, such as ciphers, offer fine-grained control in securing transmission of data, hindering hackers from tampering with information.

Learn more

User registry authentication

User registry authentication

IBM API Connect supports several user registry types for authenticating users and securing APIs, including LDAP directory, authentication URL and more.

Learn more

Industry use case

Securing APIs in the credit card industry

To manage access to APIs that contain personal details while managing compliance, credit card companies need a powerful API security solution. 
IBM API Connect offers multi-layered security and can move information through a single gateway using some of the highest levels of encryption.

Testimonial

The DataPower Gateway devices handle all inbound traffic and act as a first line of defense for our enterprise.

Jagadish Vemugunta
Lead Technical Architect
Availity

Read the case study

Go deeper into DataPower Gateway

DataPower Gateway for developers

Explore tools, tutorials, and other DataPower Gateway resources for developers.

IBM Integration Community

Check out DataPower Gateway-related discussions, blogs, best practices and more.

Get started with IBM API Connect

Take control of your API ecosystem while propelling your API strategy forward.

Book a meeting

Footnotes

¹ The Forrester Wave: Cybersecurity Incident Response Services, Q1 2019, by Josh Zelonis, 18 March 2019; https://www.ibm.com/downloads/cas/KE05GBKV (PDF, 492 KB)

² The Telegraph, “Millions of Facebook user records exposed in data breach,” by Margi Murphy, 3 April 2019; https://www.telegraph.co.uk/technology/2019/04/03/millions-facebook-user-records-exposed-data-breach/ (Link resides outside IBM)

³ Business Insider, “The 21 scariest data breaches of 2018,” by Paige Leskin, 30 December 2018; https://www.businessinsider.com/data-hacks-breaches-biggest-of-2018-2018-12#1-aadhar-11-billion-21 (Link resides outside IBM)